diff options
| author | Chocobozzz <florian.bigard@gmail.com> | 2017-10-17 16:53:10 +0200 |
|---|---|---|
| committer | Chocobozzz <florian.bigard@gmail.com> | 2017-10-17 16:53:10 +0200 |
| commit | 49347a0a8b64559192d8f29f1237308025a48fd4 (patch) | |
| tree | fca36cdbd9d0259313234c7e5703276f672364e9 /server/controllers | |
| parent | c6e0bfbf582205410bf166118956a368f6a4cbaa (diff) | |
| download | PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.tar.gz PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.tar.zst PeerTube-49347a0a8b64559192d8f29f1237308025a48fd4.zip | |
Escape opengraph/oembed tags
Diffstat (limited to 'server/controllers')
| -rw-r--r-- | server/controllers/client.ts | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/server/controllers/client.ts b/server/controllers/client.ts index e3c962058..6a2ac4aab 100644 --- a/server/controllers/client.ts +++ b/server/controllers/client.ts | |||
| @@ -10,7 +10,7 @@ import { | |||
| 10 | STATIC_MAX_AGE, | 10 | STATIC_MAX_AGE, |
| 11 | OPENGRAPH_AND_OEMBED_COMMENT | 11 | OPENGRAPH_AND_OEMBED_COMMENT |
| 12 | } from '../initializers' | 12 | } from '../initializers' |
| 13 | import { root, readFileBufferPromise } from '../helpers' | 13 | import { root, readFileBufferPromise, escapeHTML } from '../helpers' |
| 14 | import { VideoInstance } from '../models' | 14 | import { VideoInstance } from '../models' |
| 15 | 15 | ||
| 16 | const clientsRouter = express.Router() | 16 | const clientsRouter = express.Router() |
| @@ -47,21 +47,24 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance | |||
| 47 | const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName() | 47 | const previewUrl = CONFIG.WEBSERVER.URL + STATIC_PATHS.PREVIEWS + video.getPreviewName() |
| 48 | const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid | 48 | const videoUrl = CONFIG.WEBSERVER.URL + '/videos/watch/' + video.uuid |
| 49 | 49 | ||
| 50 | const videoName = escapeHTML(video.name) | ||
| 51 | const videoDescription = escapeHTML(video.description) | ||
| 52 | |||
| 50 | const openGraphMetaTags = { | 53 | const openGraphMetaTags = { |
| 51 | 'og:type': 'video', | 54 | 'og:type': 'video', |
| 52 | 'og:title': video.name, | 55 | 'og:title': videoName, |
| 53 | 'og:image': previewUrl, | 56 | 'og:image': previewUrl, |
| 54 | 'og:url': videoUrl, | 57 | 'og:url': videoUrl, |
| 55 | 'og:description': video.description, | 58 | 'og:description': videoDescription, |
| 56 | 59 | ||
| 57 | 'name': video.name, | 60 | 'name': videoName, |
| 58 | 'description': video.description, | 61 | 'description': videoDescription, |
| 59 | 'image': previewUrl, | 62 | 'image': previewUrl, |
| 60 | 63 | ||
| 61 | 'twitter:card': 'summary_large_image', | 64 | 'twitter:card': 'summary_large_image', |
| 62 | 'twitter:site': '@Chocobozzz', | 65 | 'twitter:site': '@Chocobozzz', |
| 63 | 'twitter:title': video.name, | 66 | 'twitter:title': videoName, |
| 64 | 'twitter:description': video.description, | 67 | 'twitter:description': videoDescription, |
| 65 | 'twitter:image': previewUrl | 68 | 'twitter:image': previewUrl |
| 66 | } | 69 | } |
| 67 | 70 | ||
| @@ -69,7 +72,7 @@ function addOpenGraphAndOEmbedTags (htmlStringPage: string, video: VideoInstance | |||
| 69 | { | 72 | { |
| 70 | type: 'application/json+oembed', | 73 | type: 'application/json+oembed', |
| 71 | href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl), | 74 | href: CONFIG.WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(videoUrl), |
| 72 | title: video.name | 75 | title: videoName |
| 73 | } | 76 | } |
| 74 | ] | 77 | ] |
| 75 | 78 | ||